Australia’s Attorney-General Nicola Roxon has re-stated the case for a European-style data retention regime, arguing that there’s no point bringing a knife to a gun fight when it comes to protecting Australia’s interests.
In a speech delivered to the 2012 Security in Government conference in Canberra today, Roxon quickly …

COMMENTS

"The Reg mentioned the contents of Roxon’s speech in an IRC channel"

You realize of course that this is inciting cyberterrorism (and hey, there'll be underage people chatting there, add in a "pedo" somewhere too, just in case), and so you are complicit and need to be regulated.

Wouldn't hold that beyond Roxon, since she apparently has no clue about these checks and balances her speechwriter stuck in there to placate the peuple. She's just admitted to already hold more information than is really safe to keep, so she's trying to bury that in a mountain of even more data to mandatorily store? Security by haystack, anyone?

Stasi 2.0

"We cannot live in a society where criminals and terrorists operate freely on the internet without fear of prosecution."

So the best way to stop "terrorists" is to create a big cache of data on every citizen that can be reviewed whenever a suspicion arises? Reminds me of German history: the Stasi created extensive files on every possible dissident (= most citizens) to ensure that they would have the data to catch possible terrorists and / or inconvenient activists. Of course, they had to invest a little more work to collect the data, since their citizens were less prone to reveal their lives on the internet. Now we move on to Stasi 2.0 with somewhat modernized tools.

Now that the communist systems have failed, the free democracies have lost their motivation to maintain individual freedom. There is no more bad guy to offer a dissuasive example for us, there is no comparison to tell us when we cross the line to a surveillance society. But the comparison to German history makes me wonder where all those highly trained surveillance officers from the Stasi found their new job.

Ooh, and Mrs. Roxon offered a classic tell to illustrate the disconnect between her desire for supervision and the real threats for society: Her example for the terrorist threat is the murder of a politician in 1994. No major atrocities since that date? Sounds like a fairly safe society to me.

VPN everywhere

Hi

I have been looking at this topic for some time, have come to the conclusion the 'public' will lose, and therefore would simply suggest that VPN becomes the de facto communications means. The problem I have is that when I used VPN to download I lost 50% of my bandwidth. I am also not fully clear on how to establish a reliable, permanent VPN for my entire family network, particularly without losing so much bandwidth.

So, Reg Readers/Authors, - how about a lesson on establishing permanent, simple to use VPN for the entire household, assuming some form of permanent (DSL) internet connection, and NAT firewall. In my case, that's 4 users, 2-3 devices each, all living in one house with a permanent hi-speed connection. The solution has to cater for browsing, email, on-line games and downloads. Also, services such as iTunes movies, Netflix etc...

Re: VPN everywhere

Free VPNs and proxies are a waste of time, and all too often they're provided free by foreign governments or criminal agencies who use them to intercept your credentials, track your site visits and other nefarious purposes.

I use VyprVPN, which costs $19.95 AU per month, and gives me fast, reliable VPN service in a choice of 6 countries - USA, UK, Netherlands, Germany, France and Hong Kong. Their system uses OpenVPN, a FOSS VPN client that is easy to set up and use, and Goldenfrog (the providers of VyprVPN) also provide automated set up for the client, so all you do is download and install it, put in the username and password you signed up with, select a country you want to appear to be in, and off you go. Once it's running, all your net applications - browser, email, bittorrent, whatever - are automatically routed through the VPN.

It's not only useful for preventing data retention, my major use for it is circumventing geolocation lockouts. Can't watch Hulu TV because I'm in Australia? No problem - just set the VPN to America and I can watch all I want. BBC iPlayer? Set it to UK. Throw off the MAFIAA? Hong Kong.

I used to only use it for the above, but because of this law, I now leave the VPN on all the time - my computers boot with it on. The only records my ISP will have of me is a constant running encrypted connection to other countries.

A few caveats with using VPNs with secure sites, however - be careful if you log into your bank, or games like World of Warcraft (or systems like Steam), or any porn sites you may be a member of. If you try to log in to your bank, and you've normally done this from Australia, suddenly appearing to be from Hong Kong or America could cause them to raise questions. Likewise WoW gets very shitty if you appear to be outside your native country when you log in.

And porn sites use IP location to prevent account sharing - I've had accounts cancelled and my credit card blocked by a couple of such sites because I accidentally logged in with the VPN set to a different country than the one I signed up from - they thought I'd shared the account. So if you're going to sign up to such sites, do so with the VPN on and make sure it's always set to the same country whenever you log into that site. (I tend to sign up to porn sites from the France VPN given their laissez-faire attitude to sex!)

That's about all you need to be aware of, really. It's not rocket science. VyprVPN is very easy to set up and once it's going, it's completely transparent. And that lovely "fuck your geolocation" feeling you get when you download content from a region-locked site that normally blocks your country is worth every cent by itself!

Re: VPN everywhere

It's done with the client - it sets an icon in the systray (bottom right of the taskbar where the clock is). Right-click the icon and it pops up a menu from which you can switch VPNs, disconnect, or reconnect, with a couple of clicks.

Eventually

In all 'democracies' we will have to prove to a court on a regular basis that we are not criminal. The thought police will study everything you have ever done, thought, said, sent, emailed, posted, mailed (using proper mail).... and if there is a single hint that you don't agree with government policy you will be chucked in the gas chamber.

We don't learn do we? The mindless idiots are allowing governments to do this. Today the government might (and only might) not have any ill intent against you, but tomorrow's might decide you are Jewish/Romany/Christian/Muslim and should be escorted on trains to the nearest 'camp' and murdered. By allowing the government to collect and store all this info you are allowing this. Don't forget Hitler and his cronies were elected.

What is a terrorist? Anyone that disagrees with government policy... Look at the situation in Syria - the uprising is terrorist led according to their government...

What would the people say if all their postcards from holiday were scanned and stored? All their love letters from childhood were scanned and stored? Do they realise all their bank accounts are already sent to the US for their inspection, and the US inspect all their flight/ferry bookings?

Re: Eventually

"What would the people say if all their postcards from holiday were scanned and stored? All their love letters from childhood were scanned and stored?"

OH NO! The government knew that the weather was nice in Spain and that I had a really good time. And that I had a crush on a girl called Natalie when I was 10....wait she could have been a terrorist! Thank god they will be reading those...

Substitute Privacy for Liberty, and the quote is still perfectly valid.

I have never understood the hypocrisy of politicians who seek to record the minutiae of our lives while demanding protection for their own privacy.

The bad guys DON'T move in the open or use their own identities. This is just another Government in fear of its own populace that feels it needs to watch everyone in order to preempt threats to the social order that they seek to maintain - that where we are screwed over by business and Government and have the added pleasure of bankrolling the shafting.

crazy

A couple of points...

AFAIK the law states that ISPs should retain data for two years. That is outside of any protection the government can provide, so her context about risk management is wrong.

Today it was on the news that a child sex ring had been busted. The online communications were tracked, and connections with users in America were found. American authorities were alerted, and both Australians and Americans were arrested. So, if that is possible now, tell me again why we need data retention laws?

As many have said, it is already possible to communicate in secret on the internet.

That's going to be fun with IPv6

I can already do traffic cloaking (even without a VPN) on IPv4, but IPv6 has so many routes to create a covert channel that I wish them luck keeping up. Just as a small example extensible headers are a beautiful place to carry extra data..

Conclusion: the basic assumption is that terrorists and criminals are dumb. Somewhat flawed assumption IMHO..

optional?

you can make the most secure and robust server for storing personal data. you can have it log everyone that access and data or alters it. You can prevent anyone without the correct level of privilege on the system from accessing anything including logs...xc

the falling down point is when the system is perfect, but the management of the system are clueless. you know the one, a single login for a whole department, people using other people's logins. plus a whole host of acts of stupidity from the people in charge....

the only way to keep the data safe on a computer is to not have it on computers...

Phuong Ngo Not Such a Good Example?

A quick look on Wikipedia suggests that the case against Phuong Ngo isn't as watertight as they'd have you believe. Two mistrials were declared before he was found guilty (though a subsequent appeal failed).

As it stands

I work professionally in the computer/communications related issues in the criminal justice system in Australia.

In my experience most local telecoms and internet data is retrieved via warrant issued at some reasonable time before or after an alleged offence.

The system has interception warrants (prior) and stored communication warrants (post).

What these warrants can't do is capture communications in real time from international providers. e.g. hotmail, nor any significant period after an event.

Data retention may well work for local transmission systems. For anything serious and seriously avoided there is no legislation that will help.

Australian legislation ignores totally the use of offshore mail providers. In addition, Blackberry phones are encrypted entirely in the path from local phone to local phone for data messages - as are Skype calls.

As an expert in the area, items such as SMTP records and call detail records are very useful. These do not seem to be on the Australian Government Agenda.